Re: CVE-2010-1640 and CVE-2010-1639 (clamav) fixed in volatile

To: Yves-Alexis Perez <corsac@debian.org>, debian-security-tracker@lists.debian.org
Subject: Re: CVE-2010-1640 and CVE-2010-1639 (clamav) fixed in volatile
From: Raphael Geissert <geissert@debian.org>
Date: Thu, 05 Aug 2010 21:51:40 -0400
Message-id: <[🔎] 4c5b6aad.c507e60a.1492.093a@mx.google.com>
References: <[🔎] 1280728212.11855.3.camel@hidalgo>

Hi,

Yves-Alexis Perez wrote:
> #584183 is marked as fixed in version 0.96.1+dfsg-1~volatile1 (the one
> in lenny volatile) but the tracker doesn't see it, so debsecan thinks
> the package is vulnerable. Could that version be marked as “fixed”?

No, neither the tracker nor the stable or testing security teams support 
volatile. The real reason is the technical limitation, but we can not even 
do it for backports (where somebody was said to work on security support 
there.)

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Reply to:

Follow-Ups:
- Re: CVE-2010-1640 and CVE-2010-1639 (clamav) fixed in volatile
  - From: Yves-Alexis Perez <corsac@debian.org>

References:
- CVE-2010-1640 and CVE-2010-1639 (clamav) fixed in volatile
  - From: Yves-Alexis Perez <corsac@debian.org>

Prev by Date: CVE-2010-1640 and CVE-2010-1639 (clamav) fixed in volatile
Next by Date: Re: CVE-2010-1640 and CVE-2010-1639 (clamav) fixed in volatile
Previous by thread: CVE-2010-1640 and CVE-2010-1639 (clamav) fixed in volatile
Next by thread: Re: CVE-2010-1640 and CVE-2010-1639 (clamav) fixed in volatile
Index(es):
- Date
- Thread